feat: Switched time based bot protection from JS to PHP sessions.
parent
a3fd3f8ac4
commit
b92e4c28c6
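--- a/[JS FILE PATH NOT SHOWN ON PAGE]
+++ b/[JS FILE PATH NOT SHOWN ON PAGE]
@@ -8,13 +8,27 @@ const captcha = document.getElementsByClassName('contact_form__captcha')[0];
 const now = (new Date().getTime()/1000).toFixed();
 const feedback = document.getElementsByClassName('contact_form__feedback')[0];
 
+window.addEventListener('DOMContentLoaded', function(event) {
+let formData = new FormData();
+formData.append('action', 'start_session');
+fetch(ajaxUrl, {
+method: 'POST',
+mode: 'same-origin',
+body: formData,
+})
+.then(response => response.json())
+.then(json => {
+console.log(json);
+})
+});
+
 contact_form.addEventListener('submit', function(event) {
 event.preventDefault();
 let formData = new FormData();
+formData.append('action', 'handle_form');
 formData.append('message', message.value);
 formData.append('name', name.value);
 formData.append('email', email.value);
-formData.append('time_sent', now);
 
 // If some bot entered some value, return.
 if (typeof captcha.value == 'undefined') {
@@ -31,7 +45,7 @@ contact_form.addEventListener('submit', function(event) {
 })
 .then(response => response.json())
 .then(json => {
-console.log(json)
+console.log(json);
 if (json.errors) {
 feedback.classList.add('--error');
 // Über errors iterieren und diese ausgeben (evtl. nur ersten Fehler ausgeben?)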
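Review bot: The start_session fetch added in the first hunk has no `.catch()`, so a network failure or a non-JSON reply rejects the promise silently, the server presumably never records a start time, and the later submit is then rejected as a bot with no hint to the user about why. Append a rejection handler after the second `.then`, e.g. `.catch(error => console.error('start_session failed', error));`, or better surface it through `feedback` so the visitor can reload before typing a message. The `console.log(json)` kept in both hunks (the DOMContentLoaded handler and the submit handler) prints the complete server response to the console and reads as leftover debugging; drop it or gate it behind a debug flag. The submit handler's body continues past the end of the second hunk.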
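--- a/[PHP FILE PATH NOT SHOWN ON PAGE]
+++ b/[PHP FILE PATH NOT SHOWN ON PAGE]
@@ -1,7 +1,5 @@
 <?php
-$message = '';
-$name = '';
-$email = '';
+session_start();
 
 function sanitize_text(string $name) {
 $text = filter_var($_POST[$name], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -39,7 +37,7 @@ function send_response($response_data) {
 echo $json;
 }
 
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
+function prepare_response() {
 $response = array();
 
 if (empty($_POST['message'])) {
@@ -59,9 +57,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 */
 if (
 $_POST['captcha'] != 'Nudelsuppe' or
-preg_match('/\d{10}/', $_POST['time_sent']) != 1 or
-time() - intval($_POST['time_sent']) < 5 or
-time() - intval($_POST['time_sent']) > 3600
+time() - $_SESSION['start_time'] < 5 or
+time() - $_SESSION['start_time'] > 3600
 ) {
 $response['errors'][] = 'Wir glauben du bist ein Bot.';
 }
@@ -76,6 +73,26 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 $response['status'] = 'ok';
 }
 }
+return $response;
+}
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+$response = array();
+
+if (empty($_POST['action'])){
+$response['errors'][] = 'Kann eigentlich nicht passieren :/';
+} else {
+if ($_POST['action'] == 'start_session') {
+$_SESSION['start_time'] = time();
+// $response['session_start_time'] = $_SESSION['start_time'];
+// $response['session_id_before'] = session_id();
+} elseif ($_POST['action'] == 'handle_form') {
+$response = prepare_response();
+session_destroy();
+} else {
+$response['errors'][] = 'Kann eigentlich auch nicht passieren :/';
+}
+}
 send_response($response);
 } else {
 http_response_code(404);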
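Review bot: The new timing check in the third hunk reads `$_SESSION['start_time']` without confirming the key exists, so a `handle_form` POST that arrives without a preceding `start_session` (no session cookie, or that first request failed) emits an undefined-key warning and subtracts null; it still lands in the error branch through the `> 3600` test, but only by accident and with a warning in the log. Make the guard explicit by putting `!isset($_SESSION['start_time']) or` in front of the two `time()` conditions, which also documents the intent. In the last hunk the new `$_POST['action'] == 'start_session'` and `== 'handle_form'` comparisons should use `===`, since the value comes straight from the request. `prepare_response()` opens in the second hunk and closes in the last one, so its body is only partly visible here.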